Skip to main content

Last Call Review of draft-ietf-lisp-mib-08
review-ietf-lisp-mib-08-secdir-lc-kumari-2013-06-27-00

Request Review of draft-ietf-lisp-mib
Requested revision No specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-07-09
Requested 2013-01-10
Authors Gregg Schudel , Amit Jain , Victor Moreno
Draft last updated 2013-06-27
Completed reviews Genart Last Call review of -08 by Miguel Angel García (diff)
Genart Telechat review of -11 by Suresh Krishnan (diff)
Secdir Last Call review of -08 by Warren "Ace" Kumari (diff)
Assignment Reviewer Warren "Ace" Kumari
State Completed
Review review-ietf-lisp-mib-08-secdir-lc-kumari-2013-06-27
Reviewed revision 08 (document currently at 13)
Result Has Nits
Completed 2013-06-27
review-ietf-lisp-mib-08-secdir-lc-kumari-2013-06-27-00
Be ye not afraid….

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft defines a MIB for monitoring LISP devices.
This set off the standard "Nooooo… SNMP Write… Noooo…." alarm bells, but then I
skipped down to the Security Considerations section and saw that authors had
anticipated my shrieks of despair and that the draft says that there are no
read-write / read-create objects.

The Security Considerations section seems well written and complete. It makes a
suggestion that SNMPv3, with crypto goodness, be used to access this MIB. It
also claims that there is no exposed objects in the MIB that are considered
sensitive. I don't LISP, and so don't know what all might be considered
sensitive, but from reading most of the descriptions, and applying some
common-sense the claim seems reasonable.

-----------

Two questions / nits:
1: The DESCRIPTION for 'lispMIBTuningParametersGroup' says: "A collection of
writeable objects used to…" but these seem Read-only. It is possible I
misunderstand the description.

2: The Security Considerations section points out that SNMP prior to V3 doesn't
have adequate security, and that there is no control who can GET/**SET** 
things (emphasis mine). I suspect that this was lifted verbatim from e.g

http://tools.ietf.org/html/rfc5834

.

As there is no set / write in this MIB I think that removing the mention of
setting things would be clearer. s/to access and GET/SET
(read/change/create/delete) the objects/to access the objects/

Apologies for how late this review is. I was filtering the SecDir assignments
into an incorrect folder and so missed it completely.

W

--
Some people are like Slinkies......Not really good for anything but they still
bring a smile to your face when you push them down the stairs.